Does your ecommerce site have enough security? With the recent data breach of Sony Pictures, we are reminded that hacking and fraud are critical problems for ecommerce websites and their customers. While this article does not cover every security essential, it highlights a few of the important ones that every online business should have.
Do not store sensitive data
There is no reason to hold on to thousands of customer records, especially credit card numbers, expiration dates, and CVV2 codes. Under the PCI standards, storing that data is strictly forbidden. The security industry recommends purging old customer data from your database and keeping only the small amount of data needed for refunds and chargebacks. Per the PCI Data Security Standard, Section 3.2: "Do not store sensitive authentication data after authorization (even if encrypted)."
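An added example (not part of the original article) of what "keep only what refunds and chargebacks need" looks like in code: the record is stripped of PAN, expiry and CVV2 before it is written, free-text fields are scanned for card-number-shaped digit runs with a Luhn check so a leaked number is never persisted, and a retention window purges old records. Field names, the gateway token and the sample order are assumptions constructed for the example; the card number is the well-known Visa test number.

```python
import re
from datetime import datetime, timedelta

# Sensitive authentication data that PCI DSS 3.2 says must never be stored
# after authorization (hypothetical field names for this example).
SENSITIVE_AUTH_FIELDS = {"pan", "expiry", "cvv2"}
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to recognise card-number-shaped digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pan_like(text: str) -> list:
    """Runs of 13-19 digits (spaces/dashes allowed) that pass the Luhn check."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits

def prepare_for_storage(order: dict) -> dict:
    """Keep only what refunds and chargebacks need; drop PAN, expiry and CVV2."""
    stored = {k: v for k, v in order.items() if k not in SENSITIVE_AUTH_FIELDS}
    stored["last4"] = order.get("pan", "")[-4:]
    # Refuse to persist if a card number leaked into a free-text field.
    if find_pan_like(str(stored.get("notes", ""))):
        raise ValueError("card number found in notes; refusing to store")
    return stored

def purge_old(records: list, now: str, retention_days: int = 180) -> list:
    """Drop records older than the retention window (ISO 'YYYY-MM-DD' dates)."""
    cutoff = datetime.fromisoformat(now) - timedelta(days=retention_days)
    return [r for r in records
            if datetime.fromisoformat(r["authorized_at"]) >= cutoff]

# Constructed sample order using a well-known test card number, not real data.
SAMPLE_ORDER = {"id": "ORD-1", "pan": "4111111111111111", "expiry": "12/25",
                "cvv2": "123", "gateway_token": "tok_example", "amount": "49.99",
                "notes": "gift wrap", "authorized_at": "2014-12-01"}
```

The same `find_pan_like` scan can be run periodically over existing order notes and support tickets to catch numbers that were pasted in before the check was added.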
Encrypt data with an SSL certificate
SSL (Secure Sockets Layer), together with an SSL certificate, is the standard used to protect web communication. "Basically SSL is a technology that encrypts and decrypts messages sent between the browser and server. By encrypting the message as it is sent from the browser, it is rendered unreadable by the malicious virus or malware" (https://www.net4.in). A site with an SSL seal indicates that the site has been authenticated and reassures customers that their online transactions are safe. It helps keep financial information secure on the website and reduces fraudulent purchases. Perform quarterly PCI scans to lower the risk of your site being hacked; this is especially important when running third-party downloaded software such as PrestaShop and Magento.
Multiple Layers of Security
Adding multiple layers of security acts as a deterrent to cybercrime. "Start with firewalls, an essential aspect in stopping attackers before they can breach your network and gain access to your critical information," says Sarah Grayson, Senior Marketing Manager for the Web Security Group at McAfee. "Add extra layers of security to the website and applications such as contact forms, login boxes, and search queries. These measures will ensure that your ecommerce environment is protected from application-level attacks like SQL (Structured Query Language) injections and cross-site scripting (XSS)."
Set Up an Alert System
As the level of fraud grows on ecommerce sites, it is important to set up an alert system for suspicious activity. One example is a person placing multiple orders with different credit cards and phone numbers that are delivered to separate addresses. During my time with an ecommerce company, one trend that we noticed was that most fraudulent orders would be shipped to port cities on the east coast such as Florida. Once the item arrived, it would be placed in a shipping container and disappear without a trace. Order control measures were put in place to check that the recipient's name matched the name on the credit card or debit card, in order to avoid suspicious transactions. Part of that program consisted of emailing the customer and asking them to call and verify information. Many fraudulent orders were stopped by these methods.
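The two order controls described above, as an added example that is not the author's own system: one rule flags an order whose shipping recipient does not match the cardholder name (the page's "email the customer and ask them to call and verify" case), and a second flags an account whose orders use several cards and phone numbers shipped to several addresses. The order fields, the `card_fp` gateway token (used so no card number is stored), and the sample orders are assumptions constructed for the example.

```python
from collections import defaultdict

def _norm(name: str) -> str:
    return " ".join(name.lower().split())

def recipient_mismatch(order: dict) -> bool:
    """Shipping recipient differs from the name on the card used to pay."""
    return _norm(order["recipient"]) != _norm(order["cardholder"])

def churn_accounts(orders: list, min_orders: int = 3) -> set:
    """Accounts whose orders use different cards, phones and ship-to addresses."""
    by_acct = defaultdict(list)
    for o in orders:
        by_acct[o["account"]].append(o)
    flagged = set()
    for acct, grp in by_acct.items():
        if len(grp) < min_orders:
            continue
        if (len({o["card_fp"] for o in grp}) > 1
                and len({o["phone"] for o in grp}) > 1
                and len({o["ship_to"] for o in grp}) > 1):
            flagged.add(acct)
    return flagged

def review_orders(orders: list) -> dict:
    """Map order id -> alert reasons (empty list means nothing suspicious)."""
    churned = churn_accounts(orders)
    alerts = {}
    for o in orders:
        reasons = []
        if recipient_mismatch(o):
            reasons.append("recipient/cardholder mismatch: email customer to call and verify")
        if o["account"] in churned:
            reasons.append("account uses multiple cards and phones shipped to multiple addresses")
        alerts[o["id"]] = reasons
    return alerts

# Constructed sample orders (not real data). card_fp is the payment gateway's
# card token/fingerprint, so no card number is stored here.
def _o(i, acct, card, phone, ship, recipient, cardholder):
    return {"id": i, "account": acct, "card_fp": card, "phone": phone,
            "ship_to": ship, "recipient": recipient, "cardholder": cardholder}
SAMPLE_ORDERS = [
    _o(1, "ann@example.com", "c1", "555-0100", "1 Oak St", "Ann Lee", "Ann Lee"),
    _o(2, "buyer@example.com", "c2", "555-0101", "2 Pine St", "Bob Roe", "Bob Roe"),
    _o(3, "buyer@example.com", "c3", "555-0102", "3 Elm St", "Bob Roe", "Carla Diaz"),
    _o(4, "buyer@example.com", "c4", "555-0103", "4 Bay St", "Bob Roe", "Dan Ito"),
    _o(5, "eve@example.com", "c5", "555-0104", "5 Ash St", "Eve Fox", "eve  fox"),
]
```

Name comparison is normalised for case and spacing so that a harmless "eve  fox" does not raise an alert while a genuinely different cardholder does.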
Patch Your Systems
When software companies release new versions of their software, patch everything immediately. New versions fix bugs in the software, and applying updates promptly keeps your systems current. By not patching your systems, you give hackers the opportunity to find a vulnerability and exploit it. Breached sites tend to have one thing in common: they are running old versions of software and code. WordPress, Joomla, osCommerce, and Zen Cart are favorite targets for hackers and should be regularly checked for updates.
Require Stronger Passwords
Customers should be required to create long passwords using symbols and/or numbers. Longer and more complex logins make it harder for cybercriminals to breach your website. Customers should not share their passwords, and they should be required to change them once a month.
Have DDoS Protection
"DDoS, short for 'Distributed Denial of Service', is a form of attack where multiple, already compromised networks are used to target a single system, causing a 'Denial of Service' attack. When a website is under attack, it stops responding to legitimate users because a hacker-controlled 'fleet' of computers are maliciously flooding network traffic to the target's website. DDoS attacks have grown to be the weapon of choice for hackers and cyber criminals as they are inexpensive to execute, difficult to stop, and impact a very large network of users." (https://www.sitelock.com). A cloud DDoS protection service works by routing traffic through scrubbing nodes that filter it and only send legitimate traffic on to the site.
Monitor Your Website Regularly
There are many tools available that can monitor your traffic and alert you to suspicious activity. Once alerted, you can take the necessary steps to stop it. Have your hosting provider monitor its servers for malware, viruses, and other harmful software. It is recommended that you scan your website once a day to keep malware from taking hold.
These are by no means the only security measures you should take to make your ecommerce website as secure as possible. Use them as a basic checklist to protect your online business, your customers, and your potential revenue.